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DETAILED ACTION 



Response to Arguments 



1 . In view of the Appeal Brief filed on 1/17/06, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.1 1 3 (if this Office action is finall; or, 

(2) request for reinstatement of the appeal. 

If reinstatement of the appeal is requested, such request must be accompanied 
by a supplemental appeal brief, but no new amendments, aTdavits (37 CFR 1.130, 
1. 131 or 1.132) or other evidence are permitted. See 37 CFR 1.193 (b)(2). 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 



2. Claims 1-29 are pending. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 



signing below: 
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4. Claims 1-5, 15-17 and 22-24 are rejected under 35 U.S.C. 102(b) as being 
anticipated by "Doctor Web for Windows (workstation) published by DialogueScience, 
Inc., 1999 (hereinafter Doctor Web). 
As per claims 1 and 15: 

Doctor Web teaches a computer and a method comprising: 

an operating system controlling a computer resource; (Page 1, paragraph 1) and 

an intrusion detection system integrated with the operating system and operable 
to monitor the computer resources to detect and prevent intrusion attempts. (Page 1, 
paragraph 1; ...one of the world's most clever memory resident monitors -"Spider 
Guard", deeply integrated into the operating system, which practically excludes any 
possible intrusion ...) 
As per claims 2-3, 16-17 and 23: 

Doctor Web teaches all the subject matter as discussed above. In addition, 
Doctor Web further discloses a computer and a method wherein the computer resource 
is selected from the group consisting of data storage system, input/output system, a 
networking system, an application program execution environment, and interfaces to 
peripheral devices. (Page 2, DrWeb for Windows 95/98/NT scan objects such as drives, 
folders, and even individual files) 
As per claims 4-5 and 24: 

Doctor Web teaches all the subject matter as discussed above. In addition, 
Doctor Web further discloses a computer and a method comprising an anti-virus system 
integrated with the operating system and operable to monitor the data storage system, 
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input/output system, networking system, application program execution environment, 
and interfaces to peripheral devices to detect and report the presence of at least one 
virus. (Page 1, paragraph 1; ... memory resident monitors -"Spider Guard", deeply 
integrated into the operating system, which practically excludes any possible intrusion of 
malicious code, i.e. virus, worm, Trojan ...) 
As per claim 22: 

Doctor Web teaches a method comprising: 

executing an OS-integrated anti-virus system; (Page 1, paragraph 1) and 
monitoring at least one computer resource to detect the presence of at least one 
virus. (Page 1, paragraph 1; ... memory resident monitors -"Spider Guard", deeply 
integrated into the operating system, which practically excludes any possible intrusion of 
malicious code, i.e. virus, worm, Trojan program into your computer) 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 10-14 and 25-29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over "Doctor Web for Windows (workstation) published by 
DialogueScience, Inc., 1999 (hereinafter Doctor Web) in view of Walsh et al. 
(hereinafter Walsh) United States Letter Patent Number 5,856,481. 
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As per claims 10 and 25: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose an anti-virus system comprises a module operable to prevent 
reassembly of a virus. 

Walsh in analogous art, however, discloses an anti-virus system comprises a 
module operable to prevent reassembly of a virus. (Col. 2, lines 63-67; Col. 3, lines 20- 
22) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the device disclosed by Doctor Web to 
include an anti-virus system integrated with the operating system and operable to 
monitor the data storage system, input/output system, networking system, application 
program execution environment, and interfaces to peripheral devices to detect and 
report the presence of at least one virus. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so as 
suggested by Walsh (Abstract) in order to have a system that provides protection from 
infection or damage by a virus and advise the possible danger of spreading the virus. 
As per claims 1 1 and 26: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose an anti-virus system comprises a module operable to recognize a 
virus. Walsh in analogous art, however, discloses an anti-virus system comprises a 
module operable to recognize a virus. (Col. 7, lines 25-41) 
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Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the device disclosed by Doctor Web to 
include an anti-virus system integrated with the operating system and operable to 
monitor the data storage system, input/output system, networking system, application 
program execution environment, and interfaces to peripheral devices to detect and 
report the presence of at least one virus. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so as 
suggested by Walsh (Abstract) in order to have a system that provides protection from 
infection or damage by a virus and advise the possible danger of spreading the virus. 
As per claims 12 and 27: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose an anti-virus system comprises a module operable to prevent 
storage of a virus. Walsh in analogous art, however, discloses an anti-virus system 
comprises a module operable to prevent storage of a virus. (Col. 3, lines 38-42) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the device disclosed by Doctor Web to 
include an anti-virus system integrated with the operating system and operable to 
monitor the data storage system, input/output system, networking system, application 
program execution environment, and interfaces to peripheral devices to detect and 
report the presence of at least one virus. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so as 
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suggested by Walsh (Abstract) in order to have a system that provides protection from 
infection or damage by a virus and advise the possible danger of spreading the virus. 
As per claims 13 and 28: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose an anti-virus system comprises a module operable to prevent 
transmission of a virus. Walsh in analogous art, however, discloses an anti-virus system 
comprises a module operable to prevent transmission of a virus. (Col. 10, lines 7-12) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the device disclosed by Doctor Web to 
include an anti-virus system integrated with the operating system and operable to 
monitor the data storage system, input/output system, networking system, application 
program execution environment, and interfaces to peripheral devices to detect and 
report the presence of at least one virus. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so as 
suggested by Walsh (Abstract) in order to have a system that provides protection from 
infection or damage by a virus and advise the possible danger of spreading the virus. 
As per claims 14 and 29: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose a computer wherein the anti-virus system comprises a module 
operable to prevent execution of a virus. Walsh in analogous art, however, discloses an 
anti-virus system comprises a module operable to prevent execution of a virus. (Col. 2, 
lines 63-67; Col. 3, lines 20-22) 
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Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the device disclosed by Doctor Web to 
include an anti-virus system integrated with the operating system and operable to 
monitor the data storage system, input/output system, networking system, application 
program execution environment, and interfaces to peripheral devices to detect and 
report the presence of at least one virus. This modification would have been obvious 
because a person having ordinary skill in the art would have been motivated to do so as 
suggested by Walsh (Abstract) in order to have a system that provides protection from 
infection or damage by a virus and advise the possible danger of spreading the virus. 
7. Claims 6-9 and 18-21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over "Doctor Web for Windows (workstation) published by DialogueScience, Inc., 1999 
(hereinafter Doctor Web) in view of Holland, III et al. (hereinafter Holland) United States 
Letter Patent Number 6,851 ,061 . 
As per claims 6 and 18: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose a computer and a method wherein intrusion detection is integrated 
with a networking stack of the networking system above the link layer operable to 
access raw network frames. 

Holland in analogous art, however, discloses intrusion detection is integrated with 
a networking stack of the networking system above the link layer operable to access 
raw network frames. (Figure 4; Col. 2, lines 26-27 and lines 35-36; Col. 5, lines 25-27; 
Col. 6, lines 29-61) 
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Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the computer and the method disclosed by 
Doctor Web to include intrusion detection is integrated with a networking stack of the 
networking system above the link layer operable to access raw network frames. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so as suggested by Holland (Col. 2, lines 17-19) in 
order to have a scalable solution providing packet traffic for network intrusion detection 
and analysis. 
As per claims 7 and 19: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose a computer and a method wherein the intrusion detection system 
is integrated with a networking stack of the networking system above the network layer 
operable to access reassembled fragments. 

Holland in analogous art, however, discloses an intrusion detection system is 
integrated with a networking stack of the networking system above the network layer 
operable to access reassembled fragments. (Figure 4; Col. 5, lines 9-22 and lines 29- 
46; Col. 6, lines 29-61) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the computer and the method disclosed by 
Doctor Web to include intrusion detection is integrated with a networking stack of the 
networking system above the link layer operable to access raw network frames. This 
modification would have been obvious because a person having ordinary skill in the art 



Application/Control Number: 10/002,072 Page 10 

Art Unit: 2137 

would have been motivated to do so as suggested by Holland (Col. 2, lines 17-19) in 
order to have a scalable solution providing packet traffic for network intrusion detection 
and analysis. 
As per claims 8 and 20: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose a computer and a method wherein the intrusion detection system 
is integrated with a networking protocol stack of the networking system above the 
transport layer. 

Holland in analogous art, however, discloses an intrusion detection system is 
integrated with a networking protocol stack of the networking system above the 
transport layer. (Figure 4; Col. 6, lines 29-61; Col. 7, lines 17-42) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the computer and the method disclosed by 
Doctor Web to include intrusion detection is integrated with a networking stack of the 
networking system above the link layer operable to access raw network frames. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so as suggested by Holland (Col. 2, lines 17-19) in 
order to have a scalable solution providing packet traffic for network intrusion detection 
and analysis. 
As per claims 9 and 21: 

Doctor Web teaches all the subject matter as discussed above. Doctor Web does 
not explicitly disclose a computer and a method wherein the intrusion detection system 
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is integrated with a networking stack of the networking system between the network 
layer and the transport layer and between the transport layer and the application layer. 

Holland in analogous art, however, discloses an intrusion detection system is 
integrated with a networking stack of the networking system between the network layer 
and the transport layer and between the transport layer and the application layer. 
(Figure 4; Col. 6, lines 29-61; Col. 7, lines 17-42) 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the computer and the method disclosed by 
Doctor Web to include intrusion detection is integrated with a networking stack of the 
networking system above the link layer operable to access raw network frames. This 
modification would have been obvious because a person having ordinary skill in the art 
would have been motivated to do so as suggested by Holland (Col. 2, lines 17-19) in 
order to have a scalable solution providing packet traffic for network intrusion detection 
and analysis. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See Form PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Shewaye Gelagay 
3/24/06 
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SUPERVISORY PATENT EXAMINER 



